Weekly Cyber Security News 06/07/2018

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Many, many to choose from this week – in a sad way. I will start off with something we can all learn from, one that is tragic in the scale of damage to not just one, but to many businesses in one hit:

• AU: Cyanweb Solutions hit by ‘criminal hacking’, website data and backups lost Nico Arboleda and Steven Kiernan report

Risk assessment, consideration of contingency planing and review of security in advance at regular points could well have saved them much heart ache. Still further, as shown but the example that Gentoo suffered this week, tracking access as well as similar reviews might have helped. They were lucky:

• Weak Admin Password Enabled Gentoo GitHub Breach

• Gentoo Publishes Incident Report After GitHub Hack

Many other examples of issues this week I could focus on, such as Typeform, however I think I will end on some wondrous low level research…

• Researchers Create Attacks That Compromise LTE Data Communication

 

Other stuff to nose at:

• Costa Coffee Applicant Details Hacked in PageUp Breach Ed Targett reports

• Fortnum & Mason shopper’s details stolen in Typeform’s data breach Natasha Bernal reports

• No data breach at Patreon, but proactive notice caused some concern

• Typeform Announces Breach After Hacker Grabs Backup File Catalin Cimpanu reports

• TypeForm breach affects Travelodge guests, too Alessandro Carrara reports

• Typeform Data Breach Hits Many Organizations

• From data security darling to cyber fall guy, Monzo experiences a breach of its own Finextra reports

• In: Yatra.com breach: How to check if your data is compromised, and what to do if it is Shilpa S. Ranipeta reports

• Privacy breach: Swann sent home security camera footage to the wrong person

• California, Home of Silicon Valley, Ramps Up Online Privacy Law

• Chinese police bust 7 suspects in large data theft operation Xinhua reports on a huge bust

• Facebook Notifies 800,000 Users of Blocking Bug

• New Smoke Loader Attack Targets Multiple Credentials

• NHS Digital Erroneously Reveals Data of 150,000 Patients

• NSA deleting millions of phone call and text records over privacy violations

• Preparing for Transport Layer Security 1.3

• SystmOne software glitch fouls up opt-out, results in NHS improperly sharing 150,000 patient’s info BBC reports

• UK Banks Must Produce Backup Plans for Cyberattacks Financial services firms in Britain have three months to explain how they would stay up and running in the event of an attack or service disruption.

• Vulnerabilities Patched in VMware ESXi, Workstation, Fusion

• World’s first practical quantum random number generator to transform internet security

• XXE in WeChat Pay Sdk ( WeChat leave a backdoor on merchant websites)

• Facebook App Exposed Data of 120 Million Users

• Rowhammer Variant ‘RAMpage’ Targets Android Devices All Over Again

• Samsung Investigates Claims of Spontaneous Texting of Images to Contacts

• Adware already infected at least 78000 Fortnite Players